Page 15 of 3146 results (0.006 seconds)

CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 1

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una o más respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, también conocido como "KeyTrap". " asunto. La especificación del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG. Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled. • https://github.com/knqyf263/CVE-2023-50387 http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists&# • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

Windows Printing Service Spoofing Vulnerability Vulnerabilidad de suplantación del servicio de impresión de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.0EPSS: 0%CPEs: 16EXPL: 0

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Microsoft Message Queuing (MSMQ) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405 • CWE-591: Sensitive Data Storage in Improperly Locked Memory •

CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecución remota de código de SQL Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391 • CWE-197: Numeric Truncation Error •

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

Windows DNS Information Disclosure Vulnerability Vulnerabilidad de divulgación de información DNS de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21377 • CWE-197: Numeric Truncation Error •